package com.qf.shiro;

import com.qf.pojo.DtsAdmin;
import com.qf.service.AdminService;
import com.qf.service.RoleService;
import com.qf.service.PermsService;
import com.qf.util.bcrypt.BCryptPasswordEncoder;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Set;

/**
 * AuthorizingRealm: 有认证方法  有授权方法
 * @author luo
 */
public class AdminAuthorizingRealm extends AuthorizingRealm {

    @Autowired
    private AdminService adminService;
    @Autowired
    private RoleService roleService;
    @Autowired
    private PermsService permsService;

    /**
     * 自定义的授权方法
     * @param principals the primary identifying principals of the AuthorizationInfo that should be retrieved.
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //用户对象
        DtsAdmin dtsAdmin = (DtsAdmin) principals.getPrimaryPrincipal();
        //查询角色集合Set
        Set<String> roleSet = roleService.findRolesByRoleIds(dtsAdmin.getRoleIds());
        //查询权限集合Set
        Set<String> permsSet = permsService.findPermsByRoleIds(dtsAdmin.getRoleIds());
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(roleSet);
        authorizationInfo.setStringPermissions(permsSet);
        return authorizationInfo;
    }

    /**
     * 自定义的认证方法
     * @param token the authentication token containing the user's principal and credentials.
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //3:校验用户名及密码必须正确
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = usernamePasswordToken.getUsername();
        String password = new String(usernamePasswordToken.getPassword());
        //根据用户名查询用户对象
        DtsAdmin dtsAdmin = adminService.findDtsAdminByUsername(username);
        if(null == dtsAdmin){
            throw new UnknownAccountException("用户名不存在");
        }
        //密码  $2a$10$YMxetLNN5nXVW3iy3zf7PewXY5OoqQARTjC7ozibQdJKhwccklC/2
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        if(!bCryptPasswordEncoder.matches(password,dtsAdmin.getPassword())){
            //不一样
            throw new IncorrectCredentialsException("密码不正确");
        }
        //4:校验用户是启用状态
        if(dtsAdmin.getDeleted()){
            throw new DisabledAccountException("此用户是禁止使用的");
        }
        //5:校验用户是否被锁定  同学们写一写

        AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                dtsAdmin,password,this.getName()
        );
        return authenticationInfo;
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        String encode = bCryptPasswordEncoder.encode("123456");
        System.out.println(encode);
        //$2a$10$pgpFhxpu0m8miu3fN1B8SuZUZMVU4GWWoOHTrpyDnLsoam.03.r.u
        //$2a$10$buy.CcPuEGugQ1C2XCWJhOU1A94/.buWugH3R5vXW8HQrsi9XcRuy
        //$2a$10$LEVRq1JQFgaYOXeSQFhdb.1BniTlePffForFPrGTxRIAgyCwm703G

        System.out.println("是否一样：" + bCryptPasswordEncoder.matches("123456", encode));

    }
}
